Smart Contract Engineering

The purpose of the present article is to gain an understanding of the opportunities and difficulties created by the introduction and development of the practice of network (smart) contracts. Our research methodology is based on a holistic set of principles and methods of scholarly analysis employed by modern legal science. It uses a dialectical method involving both general approaches (structural system method, formal logical method, analysis and synthesis of individual elements, individual features of concepts, abstraction, generalization, etc.) and particular methods (legal technical, systematic, comparative, historical, and grammatical methods, method of the unity of theory and practice, etc.). We analyze the views of lawyers and other specialists from Russia and abroad, legislative innovations in the field of digital technologies, the practice of blockchain-based smart contracts, and the main risks (whether legal, technological, operational, or criminogenic) of smart contracts for economic activities with a study of their causes. In the present-day situation, it is necessary to move from the legal definition of the smart contract and its legal and technological characteristics, advantages and disadvantages to the implementation of startups in a wide range of areas, especially business, public regulation, and social relations. Scholarly and information support for such processes will contribute to the development of industry, public administration and digital technology applications to improve the life of individual citizens and society as a whole. The introduction of smart contracts does not require the adoption of new laws or regulations. Instead, one should adapt and, possibly, modify existing legal principles at the legislative and judicial levels to pave the way for the use of smart contracts and other new technologies. The system of contract law provides a sufficient framework for regulating transactions without the introduction of any new legal categories. We propose approaches to the legal definition of the smart contract and identify a set of problems that must be solved at the legislative and technical legal levels in order to implement smart contracts effectively in different spheres of life.

Blockchain technology has attracted more and more attention from academia and industry recently. Ethereum, which uses blockchain technology, is a distributed computing platform and operating system. Smart contracts are small programs deployed to the Ethereum blockchain for execution. Errors in smart contracts will lead to huge losses. Formal verification can provide a reliable guarantee for the security of blockchain smart contracts. In this paper, the formal method is applied to inspect the security issues of smart contracts. We summarize five kinds of security issues in smart contracts and present formal verification methods for these issues, thus establishing a formal verification framework that can effectively verify the security vulnerabilities of smart contracts. Furthermore, we present a complete formal verification of the Binance Coin (BNB) contract. It shows how to formally verify the above security issues based on the formal verification framework in a specific smart contract. All the proofs are checked formally using the Coq proof assistant in which contract model and specification are formalized. The formal work of this paper has a variety of essential applications, such as the verification of blockchain smart contracts, program verification, and the formal establishment of mathematical and computer theoretical foundations.

Smart contracts are programs that run atop of a blockchain infrastructure. They have emerged as an important new programming model in cryptocurrencies like Ethereum, where they regulate flow of money and other digital assets according to user-defined rules. However, the most popular smart contract languages favor expressiveness rather than safety, and bugs in smart contracts have already lead to significant financial losses from accidents. Smart contracts are also appealing targets for hackers since they can be monetized. For these reasons, smart contracts are an appealing opportunity for systematic auditing and validation, and formal methods in particular. In this paper, we survey the existing smart-contract ecosystem and the existing tools for analyzing smart contracts. We then pose research challenges for formal-methods and program analysis applied to smart contracts.

Smart contracts can automatically perform the contract terms according to the received information, and it is one of the most important research fields in digital society. The core of smart contracts is algorithm contract, that is, the parties reach an agreement on the contents of the contract and perform the contracts according to the behaviors written in certain computer algorithms. It not only needs to make sure about the correctness of smart contracts code, but also should provide a credible contract code execution environment. Blockchain provides a trusted execution and storage environment for smart contracts by the distributed secure storage, consistency verification and encryption technology. Current challenge is how to assure that smart contract can be executed as the parties' willingness. This paper introduces formal modeling and verification in formal methods to make smart contract model and verify the properties of smart contracts. Formal methods combined with smart contracts aim to reduce the potential errors and cost during contract development process. The description of a general and formal smart contract template is provided. The tool of model checking, SPIN, is used to verify the correctness and necessary properties for a smart contract template. The research shows model checking will be useful and necessary for smart contracts.

Blockchain technology and ‘smart contracts’ are widely debated in many industries, but especially among legal professionals and academics. Some practical legal questions can be answered relatively quickly or have to be postponed by ‘we do not know’ or ‘it depends’. More interesting than those considerations, however, is whether the emergence of smart contracts based on blockchain technology as a technological materialisation of connected contracts raises issues for the conceptualisation of transnational contract law and what a new conceptualisation, taking into account these issues, could look like. To this end, this contribution tries to acknowledge or incorporate existing work in the area of technology and law such as ontologies, legal reasoning and simple markup languages, but then goes beyond that and tries to explore a sociolegal concept of smart contracts that incorporates the sociological concept of networks by Latour and the system-theoretical approaches of Luhmann with the descriptions of ‘connected contracts’ by Teubner, ultimately incorporating them into the aforementioned ‘ technological materialisation’ of the network structure of law generally and connected contracts specifically. This then can serve as an important methodological tool for the future, to research and describe ‘smart contracts’ at a higher level of abstraction. INTRODUCTION Certain contractual agents, also called ‘smart contracts’, running on blockchain technology have gained increasing importance due to promising increased automation and assurance for digital contracting, aiming to bridge law and soft ware code. Thus, this contribution investigates these phenomena, recognising that these developments are potentially game-changing for commerce and further digitalisation of contract law. To this end, ‘smart contracts’ and the systems they are running on are analysed with regard to developments of ‘connected contracts’ and a network(ed) understanding of contract law already developed for newer contractual and company law constructs such as just-in-time production. In order not to limit the examination to ‘traditional’ manufacturing networks but to re-investigate the phenomenon of networks in law more generally, this is complemented by taking account of socio-legal descriptions of networks and law, as well as providing a brief account of current or past alternative approaches to bridge law and technology that are relevant for context and understanding.

Smart contracts are computer programs that are executed by a network of mutually distrusting agents, without the need of an external trusted authority. Smart contracts handle and transfer assets of considerable value (in the form of crypto-currency like Bitcoin). Hence, it is crucial that their implementation is bug-free. We identify the utility (or expected payoff) of interacting with such smart contracts as the basic and canonical quantitative property for such contracts. We present a framework for such quantitative analysis of smart contracts. Such a formal framework poses new and novel research challenges in programming languages, as it requires modeling of game-theoretic aspects to analyze incentives for deviation from honest behavior and modeling utilities which are not specified as standard temporal properties such as safety and termination. While game-theoretic incentives have been analyzed in the security community, their analysis has been restricted to the very special case of stateless games. However, to analyze smart contracts, stateful analysis is required as it must account for the different program states of the protocol. Our main contributions are as follows: we present (i) a simplified programming language for smart contracts; (ii) an automatic translation of the programs to state-based games; (iii) an abstraction-refinement approach to solve such games; and (iv) experimental results on real-world-inspired smart contracts.

Blockchain is an emerging technology that underlies creation and exchange of the digital assets, including cryptocurrency such as Bitcoin and Ether, without the need for a central authority. It provides a public ledger for recording sequence of transactions in blocks that are linked as a chain. Smart contracts are computer programs governing participant agreements that are automatically enforced by consensus protocols in the blockchain. Together, blockchain and smart contracts revolutionize efficient transaction stores, services and workflows that work even among distrusting participants and without a trusted authority. Unfortunately, like most software, smart contracts are vulnerable as evidenced by a recent Decentralized Autonomous Organization (DAO) attack that lost cryptocurrency then-valued about $60 million. Correctness of executions alone is not sufficient to guarantee security of smart contracts. This paper addresses how we can apply model checking, a well-established formal verification technique, to help alleviate security issues in smart contract development. Most existing studies have focused on verification of smart contracts on a specific language and specific platform. Smart contracts may have hidden operational side effects that impact software behaviors. Thus, applying model checking to smart contracts is not necessarily straightforward. This paper presents a general technique for building the core functional models applicable for model checking to identify all possible executions that lead to security breaches. It also shows how resulting executions can be systematically analyzed to help identify security issues. The models are language and system independent in that they can represent any smart contract in any language or any platform. We illustrate and evaluate the technique with a widely used example of a smart contract in a financial system along with experimental results using a well-known model checker, NuSMV in various scenarios.

With the continuous development of blockchain technology, smart contract has become an important research object among the achievable technologies on blockchain technology. Based on the characteristics of decentralization, tamper-proof and transparency of blockchain, it provides a reliable technical support for the implementation of smart contract. Based on blockchain smart contract technology, this paper aims to design a smart contract management engine with higher versatility, security, and feasibility to develop a smart contract from the joint participation of multiple users. The smart contract is proliferated through the P2P network and deposited into the blockchain. And the blockchain is designed to automatically execute the smart contract, providing a new solution to the problems of opacity, easy tampering, and low efficiency of the traditional contract. It is safer and more reliable. By specifying the treaty and trigger conditions through the program code, once the conditions are met, the contract will be automatically executed, which greatly reduces the time and space costs. Using Ether and smart contracts to develop distributed applications to realize this technology, the feasibility of applying blockchain technology in this field is explored, and a new technical implementation is provided for traditional contract signing.

A smart contract is a computer protocol intended to digitally facilitate and enforce the negotiation of a contract in undependable environment. However, the number of attacks using the vulnerabilities of the smart contracts is also growing in recent years. Many solutions have been proposed in order to deal with them, such as documenting vulnerabilities or setting the security strategies. Among them, the most influential progress is made by the formal verification method. In this paper, we propose a formal verification method based on Colored Petri Nets (CPN) to verify smart contracts in blockchain system. First, we develop the smart contract models with possible attacker models based on hierarchical CPN modeling, then the smart contract models are executed by step-by-step simulation to validate their functional correctness, and finally we utilize the branch timing logic ASK-CTL based model checking technology in the CPN tools to detect latent vulnerabilities in smart contracts. We demonstrate that our CPN modeling based verification method can not only detect the logical vulnerabilities of the smart contract, but also consider the impacts of users behavior to find out potential non-logical vulnerabilities in the contracts, such as the vulnerabilities caused by the limitations of the Solidity language.

With the wide application of Internet of Things and blockchain, research on smart contracts has received increased attention, and security threat detection for smart contracts is one of the main focuses. This article first introduces the common security vulnerabilities in blockchain smart contracts, and then classifies the vulnerabilities detection tools for smart contracts into six categories according to the different detection methods: 1) formal verification method; 2) symbol execution method; 3) fuzzy testing method; 4) intermediate representation method; 5) stain analysis method; and 6) deep learning method. We test 27 detection tools and analyze them from several perspectives, including the capability of detecting a smart contract version. Finally, it is concluded that most of the current vulnerability detection tools can only detect vulnerabilities in a single and old version of smart contracts. Although the deep learning method detects fewer types of smart contract vulnerabilities, it has higher detection accuracy and efficiency. Therefore, the combination of static detection methods, such as deep learning method and dynamic detection methods, including the fuzzy testing method to detect more types of vulnerabilities in multi-version smart contracts to achieve higher accuracy is a direction worthy of research in the future.

Blockchain is an emerging technology with broad applications. As an important application of the blockchain, smart contracts can formulate trading rules to manage thousands of virtual currencies. Nowadays, the IoT (Internet of Things) combined with blockchain has become a new trend and smart contract can implement different transaction demands for IoT-blockchain systems. Once there exits vulnerability in the smart contract program, the security of the virtual currency will not be guaranteed. However, ensuring the security of smart contracts is never an easy task. On the one hand, existing smart contracts cannot identify fake users or malicious programs, which is difficult to be regulated at present; on the other hand, smart contracts involving in multiple trading users are very similar to shared-memory concurrent programs. To deal with these problems, this study uses formal verification methods, adopting the Communicating Sequence Processes (CSP) theory to formally model concurrent programs. Then the FDR (Failure Divergence Refinement), a refinement checker or model checker for CSP, is utilized to successfully detect the vulnerability regarding concurrency in one smart contract public in Ethereum. The results show the potential advantage of using CSP and FDR tool to check the vulnerability in smart contracts especially from the perspective of concurrency.

A smart contract is an agreement between two or more parties, which is executed by the computer code. The code does the execution without giving either party the ability to back out, so it ensures the trustless execution. The smart contract is one of the most important features in blockchain applications, which implements trusted transactions without third parties. However, with the rapid development, blockchain smart contracts have also exposed many security problems, and some attacks caused by contract vulnerabilities have led to terrible losses. In order to better deal with such dilemma, making a comprehensive survey about the security verification of blockchain smart contracts from major scientific databases is quite indispensable. Even though the significance of studying security verification of blockchain smart contracts is evident, it is really fresh yet. The major contributions of our survey work come from three aspects. First, after retrieving all-sided research studies, we select 53 most related papers to show the state-of-the art of this topic, where 20 papers focus on dealing with security assurance of blockchain smart contracts, and 33 papers focus on the correctness verification of blockchain smart contracts. Second, we propose a taxonomy toward the topic of security verification of blockchain smart contracts and discuss the pros and cons of each category of related studies. Third, through in-depth analysis of these studies, we come to know that the correctness verification of smart contracts based on the formal method has already become the more significant and more effective method to validate whether a smart contract is credible and accurate. So, we further present representative studies of formal verification of smart contracts in detail to demonstrate that using a formal method to validate blockchain smart contracts must have a promising and meritorious future.

Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities

The subject and the aim of the study. The article analyzes the approach to smart contract technology, which is reflected in the scientific literature and legislation of Russia and foreign countries, formulates the advantages and disadvantages of a smart contract that affect the implementation and protection of certain constitutional rights, including freedom of contract, the right to protect, the right to manage personal data.Methodology. Guided by formal dogmatic and comparative law methods in research, the author formulates approaches to the concept of a smart contract that has been developed in the practice of foreign countries and deduces how each of the approaches affects the implementation of constitutional human rights. The paper notes that the use of a smart contract based on the federal blockchain does not allow the full implementation of such rights as freedom of contract, the right to self-defense, and the right to manage personal data. In addition, the transnational nature of smart contracts usage, their pseudonymity and failure to unified concept of legal regulation create obstacles to the effective implementation of the right to judicial protection.The main results. The practice of legal regulation of smart contracts in foreign countries, aimed at minimizing the negative consequences of the use of technology is considered. Some countries follow to the concept of recognizing a smart contract as a form of contract (Italy, United States, Republic of Belarus) and a way of guaranteeing fulfilment of obligations (China, Italy, Republic of Belarus, Russian Federation). The second concept is considered as being the most restrictive for digital progress from one side but being able to guarantee protection of human rights such as right to judicial protection or freedom of contract. The first concept which shows smart contract being a type of contract carries additional risks associated with conclusion of a treaty - inconsistency of the smart contract with the actual will of the parties. The third concept considered smart contract as a type of contract is accepted in the Republic of Malta. The Republic of Malta regulated procedure of voluntary certification for smart contracts that allow to eliminate such threats as violation of human rights and the use of smart contracts for criminal purposes. The experience of legal regulation of smart contracts in the Republic of Malta is recognized as reasonable and effective, however, it is concluded that certification will achieve its goals only if it will be implemented in the legal system of wide range of the countries.Conclusions. It is concluded that despite the fact that the smart contract technology has high potential for its implementation in various fields of social and economic life, the effective implementation of smart contract technology in various spheres of society requires the formation of general legal principles for their application, the definition of areas in which the use of smart contracts is prohibited, as well as the development of international standards for their safe execution.

Smart contracts are digital contracts that rely on Blockchain technology to make their terms and execution conditions unforgeable. The purpose of a smart contract is to eliminate the need for a middleman in business and trade between anonymous and identified participants. Since 2016, smart contracts have been gaining traction in various areas, including public management, supply chain, energy, finance, communication, and healthcare. Anyone who interacts with a smart contract after it is launched on the blockchain system will be in danger if it contains vulnerabilities or faults. Therefore, the use of formal methods which are mathematical techniques for modeling, designing, and testing software and hardware systems to ensure they are constructed correctly, is highly required. In this paper, the applied state-of-the-art formal methods on smart contracts specification and verification have been reviewed with the aim of minimizing the risk of faults and bugs occurrence and avoiding possible resulting costs. Also, we have discussed several challenges and future research guidelines related to this emerging research tonic.